Ouija

Description

Automated Scanning

NMap Scan

# Nmap 7.94SVN scan initiated Fri Mar  1 15:17:13 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/ouija/nmap.txt 10.10.11.244
Warning: Hit PCRE_ERROR_MATCHLIMIT when probing for service http with the regex '^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?.*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color |)LaserJet ([\w._ -]+)&nbsp;&nbsp;&nbsp;'
Nmap scan report for ouija.htb (10.10.11.244)
Host is up, received conn-refused (0.089s latency).
Scanned at 2024-03-01 15:17:13 EST for 26s
Not shown: 997 closed tcp ports (conn-refused)
PORT     STATE SERVICE REASON  VERSION
22/tcp   open  ssh     syn-ack OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 6f:f2:b4:ed:1a:91:8d:6e:c9:10:51:71:d5:7c:49:bb (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOF5zQd8OgxRSgutBifLJRc7jgEi2e7uNFtuctcdQmJGWQYTQ+PZQcwv5fZnF0BHotgSA8Vp58ftuLK93zuh7I8=
|   256 df:dd:bc:dc:57:0d:98:af:0f:88:2f:73:33:48:62:e8 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICKPk/B9wRV28rwbwQHh9JYErJC2f/143AtDpUhHgTro
80/tcp   open  http    syn-ack Apache httpd 2.4.52
|_http-server-header: Apache/2.4.52 (Ubuntu)
| http-methods: 
|_  Supported Methods: GET POST OPTIONS HEAD
|_http-favicon: Unknown favicon MD5: 4D65D9ED50BA7BF7B7E28EC7786F3EC7
|_http-title: Ouija
3000/tcp open  http    syn-ack Node.js Express framework
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Site doesn't have a title (application/json; charset=utf-8).
|_http-favicon: Unknown favicon MD5: 03684398EBF8D6CD258D44962AE50D1D
Service Info: Host: localhost; OS: Linux; CPE: cpe:/o:linux:linux_kernel

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Mar  1 15:17:39 2024 -- 1 IP address (1 host up) scanned in 26.30 seconds

Gobuster (DNS) Scan


DirBuster Scan

No Results

Nuclei Scan

[caa-fingerprint] [dns] [info] ouija.htb
[options-method] [http] [info] http://ouija.htb ["GET,POST,OPTIONS,HEAD"]
[apache-detect] [http] [info] http://ouija.htb ["Apache/2.4.52 (Ubuntu)"]
[fingerprinthub-web-fingerprints:openfire] [http] [info] http://ouija.htb
[tech-detect:bootstrap] [http] [info] http://ouija.htb
[tech-detect:font-awesome] [http] [info] http://ouija.htb
[tech-detect:animate.css] [http] [info] http://ouija.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://ouija.htb
[http-missing-security-headers:referrer-policy] [http] [info] http://ouija.htb
[http-missing-security-headers:clear-site-data] [http] [info] http://ouija.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://ouija.htb
[http-missing-security-headers:content-security-policy] [http] [info] http://ouija.htb
[http-missing-security-headers:x-frame-options] [http] [info] http://ouija.htb
[http-missing-security-headers:x-content-type-options] [http] [info] http://ouija.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://ouija.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://ouija.htb
[http-missing-security-headers:strict-transport-security] [http] [info] http://ouija.htb
[http-missing-security-headers:permissions-policy] [http] [info] http://ouija.htb
[apache-server-status] [http] [low] http://ouija.htb/server-status
[missing-sri] [http] [info] http://ouija.htb/ ["http://gitea.ouija.htb/leila/ouija-htb/js/tracking.js?_=0183747482"]
[server-status-localhost] [http] [low] http://ouija.htb/server-status
[waf-detect:apachegeneric] [http] [info] http://ouija.htb/
[ssh-auth-methods] [javascript] [info] ouija.htb:22 ["[\"publickey\",\"password\"]"]
[ssh-password-auth] [javascript] [info] ouija.htb:22
[ssh-server-enumeration] [javascript] [info] ouija.htb:22 ["SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4"]
[ssh-sha1-hmac-algo] [javascript] [info] ouija.htb:22

Automation Summary

Summary:

  • Nmap scan identified three open ports on the target machine:
      • Port 22 (SSH): Running OpenSSH 8.9p1 on Ubuntu Linux.
      • Port 80 (HTTP): Running Apache httpd 2.4.52.
      • Port 3000 (HTTP): Hosting a site powered by the Node.js Express framework.
  • Gobuster and DirBuster scans did not yield any results, suggesting no hidden directories or files were found.
  • Nuclei scan provided various insights, including:
      • Detection of the Apache web server and related technologies (e.g., Bootstrap, Font Awesome, Animate.css).
      • Missing security headers on the HTTP server.
      • Identification of the Apache server status page.
      • Potential weaknesses such as missing Subresource Integrity (SRI), along with a web application firewall (WAF) detection result.
      • Information regarding SSH authentication methods, potentially indicating weak authentication configurations.

Further enumeration and analysis are recommended to identify potential attack vectors and security weaknesses on the target machine.

AI Generated


User Own


Root Own


Summary

AI Generated
